This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Updated buffer overflow protection patch

From: Diego Novillo <dnovillo at redhat dot com>
To: Jakub Jelinek <jakub at redhat dot com>
Cc: "gcc-patches at gcc dot gnu dot org" <gcc-patches at gcc dot gnu dot org>, Ulrich Drepper <drepper at redhat dot com>, Arjan van de Ven <arjanv at redhat dot com>, pop at cri dot ensmp dot fr, Zdenek Dvorak <rakdver at atrey dot karlin dot mff dot cuni dot cz>
Date: Wed, 27 Oct 2004 13:35:19 -0400
Subject: Re: [PATCH] Updated buffer overflow protection patch
Organization: Red Hat Canada
References: <20040923193109.GY31909@devserv.devel.redhat.com> <1098820192.10239.40.camel@localhost.localdomain> <20041027081854.GE12650@devserv.devel.redhat.com> <1098895378.6291.178.camel@localhost.localdomain> <20041027171257.GH12650@devserv.devel.redhat.com>

On Wed, 2004-10-27 at 13:12, Jakub Jelinek wrote:

> gets is not a builtin (and not sure why it should be).  This is something
> that can be trivially dealt in the headers, so the compiler doesn't need
> to be involved.
> 
I meant the builtins we already know about.  But it's more of a minor
issue.  If the glibc folks are happy with it, I don't mind too much.


> I think it is better to keep policy decision in libc's hands
> (or aux library with <string.h>/<stdio.h> using #include_next),
> I don't see what we would gain by hardcoding it in GCC.
> 
Fair enough.

> If it is not computed on-demand, then all pointers need to have object sizes
> computed 4 values (maximum object size, maximum subobject size, minimum
> object size, minimum subobject size).
> 
Yes, they do.  Much as they all have alias/points-to info even if
they're not seemingly used.  Remember that other transformations may
suddenly cause you to care about these attributes.

> > Hmm?  I thought the second argument for __bos was a boolean?  We have
> 
> It is not, it is an integer from 0 to 3 (well, essentially a bitmask).
> 
Then you are lying in doc/extend.texi ;)

What's this bit mask then?

> > the capability of counting number of iterations in a loop.  If the loop
> > is countable, you could easily deduce what would be the value of p at
> > the end (Sebastian, Zdenek, is this correct?)
> 
> __bos can be used also within the loop, plus it should handle uncountable
> loops as well.
>
Oh, absolutely.  In which case you'd have to fold it into -1.


> I'd appreciate that.  I'll try to help as soon as you have something.
> gcc.dg/builtin-object-size-{1,2,3,4,5}.c tests cover __bos quite a lot,
> so it will be easy to find out if the new implementation covers at least
> all the cases as my current one and whether it covers even more things.
> 
Sure.  Could you send me an updated patch?  The one I have didn't apply
cleanly.


> For me the more important part is the use visible interface, how exactly
> the propagator works is only an implementation detail that can be changed
> in the future when needed.  __bos is always allowed to return a safe
> "don't know" value, therefore in the future __bos can handle more cases
> precisely.
> 
Agreed.  At this point, I think that we could try it out internally and
see about adding it on 4.1.  You will need another maintainer to go over
the builtin-specific parts.  Not my area of approval.


Diego.

Follow-Ups:
- Re: [PATCH] Updated buffer overflow protection patch
  - From: Jakub Jelinek

References:
- Re: [PATCH] Updated buffer overflow protection patch
  - From: Diego Novillo
- Re: [PATCH] Updated buffer overflow protection patch
  - From: Jakub Jelinek
- Re: [PATCH] Updated buffer overflow protection patch
  - From: Diego Novillo
- Re: [PATCH] Updated buffer overflow protection patch
  - From: Jakub Jelinek

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]